Bugzilla – Bug 1159924
VUL-0: CVE-2019-11046: php5,php72,php7,php53: OOB read in bc_shift_addsub
Last modified: 2020-04-29 13:46:43 UTC
rh#1786567 A vulnerability was found in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations. Reference: https://bugs.php.net/bug.php?id=78878 References: https://bugzilla.redhat.com/show_bug.cgi?id=1786567 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11046 http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11046.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11046 https://bugs.php.net/bug.php?id=78878
I cannot reproduce. I get everywhere: $ valgrind -q php test.php PHP Notice: Use of undefined constant ²6483605105519922841849335928742092 - assumed '²6483605105519922841849335928742092' in /159924/test.php on line 3 bc math warning: non-zero scale in modulus 0$ (compare with [2019-11-29 07:37 UTC] thomas-josef dot riedmaier at siemens dot com in the upstream bug)
Patch applies cleanly everywhere. Will submit for: 15/php7, 12/php72, 12/php7, 11sp3/php53, 11/php5 and 10sp3/php5.
(Testcase from the upstream bug.)
I have also submitted 7.3.13 version update into 15sp2.
Packages submitted. I believe all fixed.
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2020-01-22. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/64405
SUSE-SU-2020:0101-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 1159922,1159923,1159924,1159927 CVE References: CVE-2019-11045,CVE-2019-11046,CVE-2019-11047,CVE-2019-11050 Sources used: SUSE Linux Enterprise Module for Web Scripting 15-SP1 (src): php7-7.2.5-4.49.1 SUSE Linux Enterprise Module for Web Scripting 15 (src): php7-7.2.5-4.49.1 SUSE Linux Enterprise Module for Packagehub Subpackages 15 (src): php7-7.2.5-4.49.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): php7-7.2.5-4.49.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): php7-7.2.5-4.49.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2020:0080-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 1159922,1159923,1159924,1159927 CVE References: CVE-2019-11045,CVE-2019-11046,CVE-2019-11047,CVE-2019-11050 Sources used: openSUSE Leap 15.1 (src): php7-7.2.5-lp151.6.19.2, php7-test-7.2.5-lp151.6.19.2
SUSE-SU-2020:0267-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 1159922,1159923,1159924,1159927 CVE References: CVE-2019-11045,CVE-2019-11046,CVE-2019-11047,CVE-2019-11050 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP5 (src): php72-7.2.5-1.32.1 SUSE Linux Enterprise Software Development Kit 12-SP4 (src): php72-7.2.5-1.32.1 SUSE Linux Enterprise Module for Web Scripting 12 (src): php72-7.2.5-1.32.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:0352-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 1159922,1159923,1159924,1159927 CVE References: CVE-2019-11045,CVE-2019-11046,CVE-2019-11047,CVE-2019-11050 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP5 (src): php7-7.0.7-50.91.1 SUSE Linux Enterprise Software Development Kit 12-SP4 (src): php7-7.0.7-50.91.1 SUSE Linux Enterprise Module for Web Scripting 12 (src): php7-7.0.7-50.91.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Submitted also for devel:languages:php:php56/php5. Submitted also for 12/php5.
SUSE-SU-2020:14289-1: An update that fixes 6 vulnerabilities is now available. Category: security (moderate) Bug References: 1159922,1159923,1159924,1159927,1161982,1162629 CVE References: CVE-2019-11045,CVE-2019-11046,CVE-2019-11047,CVE-2019-11050,CVE-2019-20433,CVE-2020-7059 Sources used: SUSE Linux Enterprise Server 11-SP4-LTSS (src): php53-5.3.17-112.79.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): php53-5.3.17-112.79.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): php53-5.3.17-112.79.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): php53-5.3.17-112.79.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:0522-1: An update that solves 9 vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1145095,1146360,1154999,1159922,1159923,1159924,1159927,1161982,1162629,1162632 CVE References: CVE-2019-11041,CVE-2019-11042,CVE-2019-11043,CVE-2019-11045,CVE-2019-11046,CVE-2019-11047,CVE-2019-11050,CVE-2020-7059,CVE-2020-7060 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP4 (src): php5-5.5.14-109.68.1 SUSE Linux Enterprise Module for Web Scripting 12 (src): php5-5.5.14-109.68.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Done